PageRenderTime 532ms CodeModel.GetById 181ms app.highlight 166ms RepoModel.GetById 176ms app.codeStats 1ms

/gecko_api/include/cms.h

http://firefox-mac-pdf.googlecode.com/
C++ Header | 1134 lines | 349 code | 170 blank | 615 comment | 0 complexity | 2c33034ad53faacd447890c6efa011e7 MD5 | raw file
   1/* ***** BEGIN LICENSE BLOCK *****
   2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
   3 *
   4 * The contents of this file are subject to the Mozilla Public License Version
   5 * 1.1 (the "License"); you may not use this file except in compliance with
   6 * the License. You may obtain a copy of the License at
   7 * http://www.mozilla.org/MPL/
   8 *
   9 * Software distributed under the License is distributed on an "AS IS" basis,
  10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11 * for the specific language governing rights and limitations under the
  12 * License.
  13 *
  14 * The Original Code is the Netscape security libraries.
  15 *
  16 * The Initial Developer of the Original Code is
  17 * Netscape Communications Corporation.
  18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19 * the Initial Developer. All Rights Reserved.
  20 *
  21 * Contributor(s):
  22 *
  23 * Alternatively, the contents of this file may be used under the terms of
  24 * either the GNU General Public License Version 2 or later (the "GPL"), or
  25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  26 * in which case the provisions of the GPL or the LGPL are applicable instead
  27 * of those above. If you wish to allow use of your version of this file only
  28 * under the terms of either the GPL or the LGPL, and not to allow others to
  29 * use your version of this file under the terms of the MPL, indicate your
  30 * decision by deleting the provisions above and replace them with the notice
  31 * and other provisions required by the GPL or the LGPL. If you do not delete
  32 * the provisions above, a recipient may use your version of this file under
  33 * the terms of any one of the MPL, the GPL or the LGPL.
  34 *
  35 * ***** END LICENSE BLOCK ***** */
  36
  37/*
  38 * Interfaces of the CMS implementation.
  39 *
  40 * $Id: cms.h,v 1.21 2006/02/08 06:13:43 rrelyea%redhat.com Exp $
  41 */
  42
  43#ifndef _CMS_H_
  44#define _CMS_H_
  45
  46#include "seccomon.h"
  47
  48#include "secoidt.h"
  49#include "certt.h"
  50#include "keyt.h"
  51#include "hasht.h"
  52#include "cmst.h"
  53
  54/************************************************************************/
  55SEC_BEGIN_PROTOS
  56
  57/************************************************************************
  58 * cmsdecode.c - CMS decoding
  59 ************************************************************************/
  60
  61/*
  62 * NSS_CMSDecoder_Start - set up decoding of a DER-encoded CMS message
  63 *
  64 * "poolp" - pointer to arena for message, or NULL if new pool should be created
  65 * "cb", "cb_arg" - callback function and argument for delivery of inner content
  66 *                  inner content will be stored in the message if cb is NULL.
  67 * "pwfn", pwfn_arg" - callback function for getting token password
  68 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
  69 */
  70extern NSSCMSDecoderContext *
  71NSS_CMSDecoder_Start(PRArenaPool *poolp,
  72		      NSSCMSContentCallback cb, void *cb_arg,
  73		      PK11PasswordFunc pwfn, void *pwfn_arg,
  74		      NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
  75
  76/*
  77 * NSS_CMSDecoder_Update - feed DER-encoded data to decoder
  78 */
  79extern SECStatus
  80NSS_CMSDecoder_Update(NSSCMSDecoderContext *p7dcx, const char *buf, unsigned long len);
  81
  82/*
  83 * NSS_CMSDecoder_Cancel - cancel a decoding process
  84 */
  85extern void
  86NSS_CMSDecoder_Cancel(NSSCMSDecoderContext *p7dcx);
  87
  88/*
  89 * NSS_CMSDecoder_Finish - mark the end of inner content and finish decoding
  90 */
  91extern NSSCMSMessage *
  92NSS_CMSDecoder_Finish(NSSCMSDecoderContext *p7dcx);
  93
  94/*
  95 * NSS_CMSMessage_CreateFromDER - decode a CMS message from DER encoded data
  96 */
  97extern NSSCMSMessage *
  98NSS_CMSMessage_CreateFromDER(SECItem *DERmessage,
  99		    NSSCMSContentCallback cb, void *cb_arg,
 100		    PK11PasswordFunc pwfn, void *pwfn_arg,
 101		    NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
 102
 103/************************************************************************
 104 * cmsencode.c - CMS encoding
 105 ************************************************************************/
 106
 107/*
 108 * NSS_CMSEncoder_Start - set up encoding of a CMS message
 109 *
 110 * "cmsg" - message to encode
 111 * "outputfn", "outputarg" - callback function for delivery of DER-encoded output
 112 *                           will not be called if NULL.
 113 * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded output
 114 * "destpoolp" - pool to allocate DER-encoded output in
 115 * "pwfn", pwfn_arg" - callback function for getting token password
 116 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
 117 * "detached_digestalgs", "detached_digests" - digests from detached content
 118 */
 119extern NSSCMSEncoderContext *
 120NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
 121			NSSCMSContentCallback outputfn, void *outputarg,
 122			SECItem *dest, PLArenaPool *destpoolp,
 123			PK11PasswordFunc pwfn, void *pwfn_arg,
 124			NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
 125			SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
 126
 127/*
 128 * NSS_CMSEncoder_Update - take content data delivery from the user
 129 *
 130 * "p7ecx" - encoder context
 131 * "data" - content data
 132 * "len" - length of content data
 133 */
 134extern SECStatus
 135NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len);
 136
 137/*
 138 * NSS_CMSEncoder_Cancel - stop all encoding
 139 */
 140extern SECStatus
 141NSS_CMSEncoder_Cancel(NSSCMSEncoderContext *p7ecx);
 142
 143/*
 144 * NSS_CMSEncoder_Finish - signal the end of data
 145 *
 146 * we need to walk down the chain of encoders and the finish them from the innermost out
 147 */
 148extern SECStatus
 149NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx);
 150
 151/************************************************************************
 152 * cmsmessage.c - CMS message object
 153 ************************************************************************/
 154
 155/*
 156 * NSS_CMSMessage_Create - create a CMS message object
 157 *
 158 * "poolp" - arena to allocate memory from, or NULL if new arena should be created
 159 */
 160extern NSSCMSMessage *
 161NSS_CMSMessage_Create(PLArenaPool *poolp);
 162
 163/*
 164 * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
 165 *
 166 * "cmsg" - message object
 167 * "pwfn", pwfn_arg" - callback function for getting token password
 168 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
 169 * "detached_digestalgs", "detached_digests" - digests from detached content
 170 *
 171 * used internally.
 172 */
 173extern void
 174NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
 175			PK11PasswordFunc pwfn, void *pwfn_arg,
 176			NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
 177			SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
 178
 179/*
 180 * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
 181 */
 182extern void
 183NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg);
 184
 185/*
 186 * NSS_CMSMessage_Copy - return a copy of the given message. 
 187 *
 188 * The copy may be virtual or may be real -- either way, the result needs
 189 * to be passed to NSS_CMSMessage_Destroy later (as does the original).
 190 */
 191extern NSSCMSMessage *
 192NSS_CMSMessage_Copy(NSSCMSMessage *cmsg);
 193
 194/*
 195 * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
 196 */
 197extern PLArenaPool *
 198NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg);
 199
 200/*
 201 * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
 202 */
 203extern NSSCMSContentInfo *
 204NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg);
 205
 206/*
 207 * Return a pointer to the actual content. 
 208 * In the case of those types which are encrypted, this returns the *plain* content.
 209 * In case of nested contentInfos, this descends and retrieves the innermost content.
 210 */
 211extern SECItem *
 212NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg);
 213
 214/*
 215 * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
 216 *
 217 * CMS data content objects do not count.
 218 */
 219extern int
 220NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg);
 221
 222/*
 223 * NSS_CMSMessage_ContentLevel - find content level #n
 224 *
 225 * CMS data content objects do not count.
 226 */
 227extern NSSCMSContentInfo *
 228NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n);
 229
 230/*
 231 * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
 232 */
 233extern PRBool
 234NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg);
 235
 236/*
 237 * NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage
 238 */
 239extern PRBool
 240NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg);
 241
 242/*
 243 * NSS_CMSMessage_IsSigned - see if message contains a signed submessage
 244 *
 245 * If the CMS message has a SignedData with a signature (not just a SignedData)
 246 * return true; false otherwise.  This can/should be called before calling
 247 * VerifySignature, which will always indicate failure if no signature is
 248 * present, but that does not mean there even was a signature!
 249 * Note that the content itself can be empty (detached content was sent
 250 * another way); it is the presence of the signature that matters.
 251 */
 252extern PRBool
 253NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg);
 254
 255/*
 256 * NSS_CMSMessage_IsContentEmpty - see if content is empty
 257 *
 258 * returns PR_TRUE is innermost content length is < minLen
 259 * XXX need the encrypted content length (why?)
 260 */
 261extern PRBool
 262NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen);
 263
 264/************************************************************************
 265 * cmscinfo.c - CMS contentInfo methods
 266 ************************************************************************/
 267
 268/*
 269 * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
 270 */
 271extern void
 272NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo);
 273
 274/*
 275 * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exists)
 276 */
 277extern NSSCMSContentInfo *
 278NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo);
 279
 280/*
 281 * NSS_CMSContentInfo_SetContent - set cinfo's content type & content to CMS object
 282 */
 283extern SECStatus
 284NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr);
 285
 286/*
 287 * NSS_CMSContentInfo_SetContent_XXXX - typesafe wrappers for NSS_CMSContentInfo_SetType
 288 *   set cinfo's content type & content to CMS object
 289 */
 290extern SECStatus
 291NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECItem *data, PRBool detached);
 292
 293extern SECStatus
 294NSS_CMSContentInfo_SetContent_SignedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSSignedData *sigd);
 295
 296extern SECStatus
 297NSS_CMSContentInfo_SetContent_EnvelopedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEnvelopedData *envd);
 298
 299extern SECStatus
 300NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSDigestedData *digd);
 301
 302extern SECStatus
 303NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEncryptedData *encd);
 304
 305/*
 306 * NSS_CMSContentInfo_GetContent - get pointer to inner content
 307 *
 308 * needs to be casted...
 309 */
 310extern void *
 311NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo);
 312
 313/* 
 314 * NSS_CMSContentInfo_GetInnerContent - get pointer to innermost content
 315 *
 316 * this is typically only called by NSS_CMSMessage_GetContent()
 317 */
 318extern SECItem *
 319NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo);
 320
 321/*
 322 * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
 323 * for future reference) and return the inner content type.
 324 */
 325extern SECOidTag
 326NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo);
 327
 328extern SECItem *
 329NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo);
 330
 331/*
 332 * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup result
 333 * for future reference) and return the content encryption algorithm tag.
 334 */
 335extern SECOidTag
 336NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo);
 337
 338/*
 339 * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encryption algorithm tag.
 340 */
 341extern SECAlgorithmID *
 342NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo);
 343
 344extern SECStatus
 345NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
 346				    SECOidTag bulkalgtag, SECItem *parameters, int keysize);
 347
 348extern SECStatus
 349NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
 350				    SECAlgorithmID *algid, int keysize);
 351
 352extern void
 353NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey);
 354
 355extern PK11SymKey *
 356NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo);
 357
 358extern int
 359NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo);
 360
 361/************************************************************************
 362 * cmsutil.c - CMS misc utility functions
 363 ************************************************************************/
 364
 365/*
 366 * NSS_CMSArray_SortByDER - sort array of objects by objects' DER encoding
 367 *
 368 * make sure that the order of the objects guarantees valid DER (which must be
 369 * in lexigraphically ascending order for a SET OF); if reordering is necessary it
 370 * will be done in place (in objs).
 371 */
 372extern SECStatus
 373NSS_CMSArray_SortByDER(void **objs, const SEC_ASN1Template *objtemplate, void **objs2);
 374
 375/*
 376 * NSS_CMSUtil_DERCompare - for use with NSS_CMSArray_Sort to
 377 *  sort arrays of SECItems containing DER
 378 */
 379extern int
 380NSS_CMSUtil_DERCompare(void *a, void *b);
 381
 382/*
 383 * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of 
 384 * algorithms.
 385 *
 386 * algorithmArray - array of algorithm IDs
 387 * algid - algorithmid of algorithm to pick
 388 *
 389 * Returns:
 390 *  An integer containing the index of the algorithm in the array or -1 if 
 391 *  algorithm was not found.
 392 */
 393extern int
 394NSS_CMSAlgArray_GetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid);
 395
 396/*
 397 * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of 
 398 * algorithms.
 399 *
 400 * algorithmArray - array of algorithm IDs
 401 * algiddata - id of algorithm to pick
 402 *
 403 * Returns:
 404 *  An integer containing the index of the algorithm in the array or -1 if 
 405 *  algorithm was not found.
 406 */
 407extern int
 408NSS_CMSAlgArray_GetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag);
 409
 410extern const SECHashObject *
 411NSS_CMSUtil_GetHashObjByAlgID(SECAlgorithmID *algid);
 412
 413extern const SEC_ASN1Template *
 414NSS_CMSUtil_GetTemplateByTypeTag(SECOidTag type);
 415
 416extern size_t
 417NSS_CMSUtil_GetSizeByTypeTag(SECOidTag type);
 418
 419extern NSSCMSContentInfo *
 420NSS_CMSContent_GetContentInfo(void *msg, SECOidTag type);
 421
 422extern const char *
 423NSS_CMSUtil_VerificationStatusToString(NSSCMSVerificationStatus vs);
 424
 425/************************************************************************
 426 * cmssigdata.c - CMS signedData methods
 427 ************************************************************************/
 428
 429extern NSSCMSSignedData *
 430NSS_CMSSignedData_Create(NSSCMSMessage *cmsg);
 431
 432extern void
 433NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd);
 434
 435/*
 436 * NSS_CMSSignedData_Encode_BeforeStart - do all the necessary things to a SignedData
 437 *     before start of encoding.
 438 *
 439 * In detail:
 440 *  - find out about the right value to put into sigd->version
 441 *  - come up with a list of digestAlgorithms (which should be the union of the algorithms
 442 *         in the signerinfos).
 443 *         If we happen to have a pre-set list of algorithms (and digest values!), we
 444 *         check if we have all the signerinfos' algorithms. If not, this is an error.
 445 */
 446extern SECStatus
 447NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd);
 448
 449extern SECStatus
 450NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd);
 451
 452/*
 453 * NSS_CMSSignedData_Encode_AfterData - do all the necessary things to a SignedData
 454 *     after all the encapsulated data was passed through the encoder.
 455 *
 456 * In detail:
 457 *  - create the signatures in all the SignerInfos
 458 *
 459 * Please note that nothing is done to the Certificates and CRLs in the message - this
 460 * is entirely the responsibility of our callers.
 461 */
 462extern SECStatus
 463NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd);
 464
 465extern SECStatus
 466NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd);
 467
 468/*
 469 * NSS_CMSSignedData_Decode_AfterData - do all the necessary things to a SignedData
 470 *     after all the encapsulated data was passed through the decoder.
 471 */
 472extern SECStatus
 473NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd);
 474
 475/*
 476 * NSS_CMSSignedData_Decode_AfterEnd - do all the necessary things to a SignedData
 477 *     after all decoding is finished.
 478 */
 479extern SECStatus
 480NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd);
 481
 482/* 
 483 * NSS_CMSSignedData_GetSignerInfos - retrieve the SignedData's signer list
 484 */
 485extern NSSCMSSignerInfo **
 486NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd);
 487
 488extern int
 489NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd);
 490
 491extern NSSCMSSignerInfo *
 492NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i);
 493
 494/* 
 495 * NSS_CMSSignedData_GetDigestAlgs - retrieve the SignedData's digest algorithm list
 496 */
 497extern SECAlgorithmID **
 498NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd);
 499
 500/*
 501 * NSS_CMSSignedData_GetContentInfo - return pointer to this signedData's contentinfo
 502 */
 503extern NSSCMSContentInfo *
 504NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd);
 505
 506/* 
 507 * NSS_CMSSignedData_GetCertificateList - retrieve the SignedData's certificate list
 508 */
 509extern SECItem **
 510NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd);
 511
 512extern SECStatus
 513NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
 514				SECCertUsage certusage, PRBool keepcerts);
 515
 516/*
 517 * NSS_CMSSignedData_HasDigests - see if we have digests in place
 518 */
 519extern PRBool
 520NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd);
 521
 522/*
 523 * NSS_CMSSignedData_VerifySignerInfo - check a signature.
 524 *
 525 * The digests were either calculated during decoding (and are stored in the
 526 * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
 527 *
 528 * The verification checks if the signing cert is valid and has a trusted chain
 529 * for the purpose specified by "certusage".
 530 */
 531extern SECStatus
 532NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i, CERTCertDBHandle *certdb,
 533				    SECCertUsage certusage);
 534
 535/*
 536 * NSS_CMSSignedData_VerifyCertsOnly - verify the certs in a certs-only message
 537*/
 538extern SECStatus
 539NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd, 
 540                                  CERTCertDBHandle *certdb, 
 541                                  SECCertUsage usage);
 542
 543extern SECStatus
 544NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certlist);
 545
 546/*
 547 * NSS_CMSSignedData_AddCertChain - add cert and its entire chain to the set of certs 
 548 */
 549extern SECStatus
 550NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert);
 551
 552extern SECStatus
 553NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
 554
 555extern PRBool
 556NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd);
 557
 558extern SECStatus
 559NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd,
 560				NSSCMSSignerInfo *signerinfo);
 561
 562extern SECStatus
 563NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd,
 564				SECAlgorithmID **digestalgs,
 565				SECItem **digests);
 566
 567extern SECStatus
 568NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
 569				SECOidTag digestalgtag,
 570				SECItem *digestdata);
 571
 572extern SECStatus
 573NSS_CMSSignedData_AddDigest(PRArenaPool *poolp,
 574				NSSCMSSignedData *sigd,
 575				SECOidTag digestalgtag,
 576				SECItem *digest);
 577
 578extern SECItem *
 579NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag);
 580
 581/*
 582 * NSS_CMSSignedData_CreateCertsOnly - create a certs-only SignedData.
 583 *
 584 * cert          - base certificates that will be included
 585 * include_chain - if true, include the complete cert chain for cert
 586 *
 587 * More certs and chains can be added via AddCertificate and AddCertChain.
 588 *
 589 * An error results in a return value of NULL and an error set.
 590 */
 591extern NSSCMSSignedData *
 592NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain);
 593
 594/************************************************************************
 595 * cmssiginfo.c - signerinfo methods
 596 ************************************************************************/
 597
 598extern NSSCMSSignerInfo *
 599NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag digestalgtag);
 600extern NSSCMSSignerInfo *
 601NSS_CMSSignerInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg, SECItem *subjKeyID, SECKEYPublicKey *pubKey, SECKEYPrivateKey *signingKey, SECOidTag digestalgtag);
 602
 603/*
 604 * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure
 605 */
 606extern void
 607NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si);
 608
 609/*
 610 * NSS_CMSSignerInfo_Sign - sign something
 611 *
 612 */
 613extern SECStatus
 614NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
 615
 616extern SECStatus
 617NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb,
 618			    SECCertUsage certusage);
 619
 620/*
 621 * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
 622 *
 623 * Just verifies the signature. The assumption is that verification of the certificate
 624 * is done already.
 625 */
 626extern SECStatus
 627NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
 628
 629extern NSSCMSVerificationStatus
 630NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo);
 631
 632extern SECOidData *
 633NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo);
 634
 635extern SECOidTag
 636NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo);
 637
 638extern int
 639NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo);
 640
 641extern CERTCertificateList *
 642NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo);
 643
 644/*
 645 * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
 646 *				      in UTCTime format, of a CMS signerInfo.
 647 *
 648 * sinfo - signerInfo data for this signer
 649 *
 650 * Returns a pointer to XXXX (what?)
 651 * A return value of NULL is an error.
 652 */
 653extern SECStatus
 654NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime);
 655
 656/*
 657 * Return the signing cert of a CMS signerInfo.
 658 *
 659 * the certs in the enclosing SignedData must have been imported already
 660 */
 661extern CERTCertificate *
 662NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb);
 663
 664/*
 665 * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer
 666 *
 667 * sinfo - signerInfo data for this signer
 668 *
 669 * Returns a pointer to allocated memory, which must be freed with PORT_Free.
 670 * A return value of NULL is an error.
 671 */
 672extern char *
 673NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo);
 674
 675/*
 676 * NSS_CMSSignerInfo_GetSignerEmailAddress - return the common name of the signer
 677 *
 678 * sinfo - signerInfo data for this signer
 679 *
 680 * Returns a pointer to allocated memory, which must be freed.
 681 * A return value of NULL is an error.
 682 */
 683extern char *
 684NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo);
 685
 686/*
 687 * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the
 688 * authenticated (i.e. signed) attributes of "signerinfo". 
 689 */
 690extern SECStatus
 691NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
 692
 693/*
 694 * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the
 695 * unauthenticated attributes of "signerinfo". 
 696 */
 697extern SECStatus
 698NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
 699
 700/* 
 701 * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the
 702 * authenticated (i.e. signed) attributes of "signerinfo". 
 703 *
 704 * This is expected to be included in outgoing signed
 705 * messages for email (S/MIME) but is likely useful in other situations.
 706 *
 707 * This should only be added once; a second call will do nothing.
 708 *
 709 * XXX This will probably just shove the current time into "signerinfo"
 710 * but it will not actually get signed until the entire item is
 711 * processed for encoding.  Is this (expected to be small) delay okay?
 712 */
 713extern SECStatus
 714NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t);
 715
 716/*
 717 * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the
 718 * authenticated (i.e. signed) attributes of "signerinfo".
 719 *
 720 * This is expected to be included in outgoing signed
 721 * messages for email (S/MIME).
 722 */
 723extern SECStatus
 724NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo);
 725
 726/*
 727 * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
 728 * authenticated (i.e. signed) attributes of "signerinfo".
 729 *
 730 * This is expected to be included in outgoing signed messages for email (S/MIME).
 731 */
 732SECStatus
 733NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
 734
 735/*
 736 * NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
 737 * authenticated (i.e. signed) attributes of "signerinfo", using the OID prefered by Microsoft.
 738 *
 739 * This is expected to be included in outgoing signed messages for email (S/MIME),
 740 * if compatibility with Microsoft mail clients is wanted.
 741 */
 742SECStatus
 743NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
 744
 745/* 
 746 * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo
 747 */
 748extern SECStatus
 749NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
 750				    SECOidTag digestalg, CERTCertificate signingcert);
 751
 752/*
 753 * XXXX the following needs to be done in the S/MIME layer code
 754 * after signature of a signerinfo is verified
 755 */
 756extern SECStatus
 757NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo);
 758
 759/*
 760 * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
 761 */
 762extern SECStatus
 763NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage);
 764
 765/************************************************************************
 766 * cmsenvdata.c - CMS envelopedData methods
 767 ************************************************************************/
 768
 769/*
 770 * NSS_CMSEnvelopedData_Create - create an enveloped data message
 771 */
 772extern NSSCMSEnvelopedData *
 773NSS_CMSEnvelopedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
 774
 775/*
 776 * NSS_CMSEnvelopedData_Destroy - destroy an enveloped data message
 777 */
 778extern void
 779NSS_CMSEnvelopedData_Destroy(NSSCMSEnvelopedData *edp);
 780
 781/*
 782 * NSS_CMSEnvelopedData_GetContentInfo - return pointer to this envelopedData's contentinfo
 783 */
 784extern NSSCMSContentInfo *
 785NSS_CMSEnvelopedData_GetContentInfo(NSSCMSEnvelopedData *envd);
 786
 787/*
 788 * NSS_CMSEnvelopedData_AddRecipient - add a recipientinfo to the enveloped data msg
 789 *
 790 * rip must be created on the same pool as edp - this is not enforced, though.
 791 */
 792extern SECStatus
 793NSS_CMSEnvelopedData_AddRecipient(NSSCMSEnvelopedData *edp, NSSCMSRecipientInfo *rip);
 794
 795/*
 796 * NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for encoding
 797 *
 798 * at this point, we need
 799 * - recipientinfos set up with recipient's certificates
 800 * - a content encryption algorithm (if none, 3DES will be used)
 801 *
 802 * this function will generate a random content encryption key (aka bulk key),
 803 * initialize the recipientinfos with certificate identification and wrap the bulk key
 804 * using the proper algorithm for every certificiate.
 805 * it will finally set the bulk algorithm and key so that the encode step can find it.
 806 */
 807extern SECStatus
 808NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd);
 809
 810/*
 811 * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption
 812 */
 813extern SECStatus
 814NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd);
 815
 816/*
 817 * NSS_CMSEnvelopedData_Encode_AfterData - finalize this envelopedData for encoding
 818 */
 819extern SECStatus
 820NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd);
 821
 822/*
 823 * NSS_CMSEnvelopedData_Decode_BeforeData - find our recipientinfo, 
 824 * derive bulk key & set up our contentinfo
 825 */
 826extern SECStatus
 827NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd);
 828
 829/*
 830 * NSS_CMSEnvelopedData_Decode_AfterData - finish decrypting this envelopedData's content
 831 */
 832extern SECStatus
 833NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd);
 834
 835/*
 836 * NSS_CMSEnvelopedData_Decode_AfterEnd - finish decoding this envelopedData
 837 */
 838extern SECStatus
 839NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd);
 840
 841
 842/************************************************************************
 843 * cmsrecinfo.c - CMS recipientInfo methods
 844 ************************************************************************/
 845
 846/*
 847 * NSS_CMSRecipientInfo_Create - create a recipientinfo
 848 *
 849 * we currently do not create KeyAgreement recipientinfos with multiple recipientEncryptedKeys
 850 * the certificate is supposed to have been verified by the caller
 851 */
 852extern NSSCMSRecipientInfo *
 853NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert);
 854
 855extern NSSCMSRecipientInfo *
 856NSS_CMSRecipientInfo_CreateWithSubjKeyID(NSSCMSMessage   *cmsg, 
 857                                         SECItem         *subjKeyID,
 858                                         SECKEYPublicKey *pubKey);
 859
 860extern NSSCMSRecipientInfo *
 861NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg, 
 862                                                 CERTCertificate *cert);
 863
 864/*
 865 * NSS_CMSRecipientInfo_CreateNew - create a blank recipientinfo for 
 866 * applications which want to encode their own CMS structures and
 867 * key exchange types.
 868 */
 869extern NSSCMSRecipientInfo *
 870NSS_CMSRecipientInfo_CreateNew(void* pwfn_arg);
 871
 872/*
 873 * NSS_CMSRecipientInfo_CreateFromDER - create a recipientinfo  from partially
 874 * decoded DER data for applications which want to encode their own CMS 
 875 * structures and key exchange types.
 876 */
 877extern NSSCMSRecipientInfo *
 878NSS_CMSRecipientInfo_CreateFromDER(SECItem* input, void* pwfn_arg);
 879
 880extern void
 881NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri);
 882
 883/*
 884 * NSS_CMSRecipientInfo_GetCertAndKey - retrieve the cert and key from the
 885 * recipientInfo struct. If retcert or retkey are NULL, the cert or 
 886 * key (respectively) would not be returned). This function is a no-op if both 
 887 * retcert and retkey are NULL. Caller inherits ownership of the cert and key
 888 * he requested (and is responsible to free them).
 889 */
 890SECStatus NSS_CMSRecipientInfo_GetCertAndKey(NSSCMSRecipientInfo *ri,
 891   CERTCertificate** retcert, SECKEYPrivateKey** retkey);
 892
 893extern int
 894NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri);
 895
 896extern SECItem *
 897NSS_CMSRecipientInfo_GetEncryptedKey(NSSCMSRecipientInfo *ri, int subIndex);
 898
 899/*
 900 * NSS_CMSRecipientInfo_Encode - encode an NSS_CMSRecipientInfo as ASN.1
 901 */
 902SECStatus NSS_CMSRecipientInfo_Encode(PRArenaPool* poolp,
 903                                      const NSSCMSRecipientInfo *src,
 904                                      SECItem* returned);
 905
 906extern SECOidTag
 907NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri);
 908
 909extern SECStatus
 910NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, SECOidTag bulkalgtag);
 911
 912extern PK11SymKey *
 913NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
 914		CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag);
 915
 916/************************************************************************
 917 * cmsencdata.c - CMS encryptedData methods
 918 ************************************************************************/
 919/*
 920 * NSS_CMSEncryptedData_Create - create an empty encryptedData object.
 921 *
 922 * "algorithm" specifies the bulk encryption algorithm to use.
 923 * "keysize" is the key size.
 924 * 
 925 * An error results in a return value of NULL and an error set.
 926 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
 927 */
 928extern NSSCMSEncryptedData *
 929NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
 930
 931/*
 932 * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
 933 */
 934extern void
 935NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd);
 936
 937/*
 938 * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
 939 */
 940extern NSSCMSContentInfo *
 941NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd);
 942
 943/*
 944 * NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a EncryptedData
 945 *     before encoding begins.
 946 *
 947 * In particular:
 948 *  - set the correct version value.
 949 *  - get the encryption key
 950 */
 951extern SECStatus
 952NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd);
 953
 954/*
 955 * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
 956 */
 957extern SECStatus
 958NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd);
 959
 960/*
 961 * NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encoding
 962 */
 963extern SECStatus
 964NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd);
 965
 966/*
 967 * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
 968 */
 969extern SECStatus
 970NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd);
 971
 972/*
 973 * NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData's content
 974 */
 975extern SECStatus
 976NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd);
 977
 978/*
 979 * NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData
 980 */
 981extern SECStatus
 982NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd);
 983
 984/************************************************************************
 985 * cmsdigdata.c - CMS encryptedData methods
 986 ************************************************************************/
 987/*
 988 * NSS_CMSDigestedData_Create - create a digestedData object (presumably for encoding)
 989 *
 990 * version will be set by NSS_CMSDigestedData_Encode_BeforeStart
 991 * digestAlg is passed as parameter
 992 * contentInfo must be filled by the user
 993 * digest will be calculated while encoding
 994 */
 995extern NSSCMSDigestedData *
 996NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg);
 997
 998/*
 999 * NSS_CMSDigestedData_Destroy - destroy a digestedData object
1000 */
1001extern void
1002NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd);
1003
1004/*
1005 * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's contentInfo
1006 */
1007extern NSSCMSContentInfo *
1008NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd);
1009
1010/*
1011 * NSS_CMSDigestedData_Encode_BeforeStart - do all the necessary things to a DigestedData
1012 *     before encoding begins.
1013 *
1014 * In particular:
1015 *  - set the right version number. The contentInfo's content type must be set up already.
1016 */
1017extern SECStatus
1018NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd);
1019
1020/*
1021 * NSS_CMSDigestedData_Encode_BeforeData - do all the necessary things to a DigestedData
1022 *     before the encapsulated data is passed through the encoder.
1023 *
1024 * In detail:
1025 *  - set up the digests if necessary
1026 */
1027extern SECStatus
1028NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd);
1029
1030/*
1031 * NSS_CMSDigestedData_Encode_AfterData - do all the necessary things to a DigestedData
1032 *     after all the encapsulated data was passed through the encoder.
1033 *
1034 * In detail:
1035 *  - finish the digests
1036 */
1037extern SECStatus
1038NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd);
1039
1040/*
1041 * NSS_CMSDigestedData_Decode_BeforeData - do all the necessary things to a DigestedData
1042 *     before the encapsulated data is passed through the encoder.
1043 *
1044 * In detail:
1045 *  - set up the digests if necessary
1046 */
1047extern SECStatus
1048NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd);
1049
1050/*
1051 * NSS_CMSDigestedData_Decode_AfterData - do all the necessary things to a DigestedData
1052 *     after all the encapsulated data was passed through the encoder.
1053 *
1054 * In detail:
1055 *  - finish the digests
1056 */
1057extern SECStatus
1058NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd);
1059
1060/*
1061 * NSS_CMSDigestedData_Decode_AfterEnd - finalize a digestedData.
1062 *
1063 * In detail:
1064 *  - check the digests for equality
1065 */
1066extern SECStatus
1067NSS_CMSDigestedData_Decode_AfterEnd(NSSCMSDigestedData *digd);
1068
1069/************************************************************************
1070 * cmsdigest.c - digestion routines
1071 ************************************************************************/
1072
1073/*
1074 * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the
1075 *  digest algorithms in "digestalgs" in parallel.
1076 */
1077extern NSSCMSDigestContext *
1078NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs);
1079
1080/*
1081 * NSS_CMSDigestContext_StartSingle - same as NSS_CMSDigestContext_StartMultiple, but
1082 *  only one algorithm.
1083 */
1084extern NSSCMSDigestContext *
1085NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg);
1086
1087/*
1088 * NSS_CMSDigestContext_Update - feed more data into the digest machine
1089 */
1090extern void
1091NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx, const unsigned char *data, int len);
1092
1093/*
1094 * NSS_CMSDigestContext_Cancel - cancel digesting operation
1095 */
1096extern void
1097NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx);
1098
1099/*
1100 * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them
1101 *  into an array of SECItems (allocated on poolp)
1102 */
1103extern SECStatus
1104NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
1105			    SECItem ***digestsp);
1106
1107/*
1108 * NSS_CMSDigestContext_FinishSingle - same as NSS_CMSDigestContext_FinishMultiple,
1109 *  but for one digest.
1110 */
1111extern SECStatus
1112NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
1113			    SECItem *digest);
1114
1115/************************************************************************
1116 * 
1117 ************************************************************************/
1118
1119/* shortcuts for basic use */
1120
1121/*
1122 * NSS_CMSDEREncode - DER Encode a CMS message, with input being
1123 *                    the plaintext message and derOut being the output,
1124 *                    stored in arena's pool.
1125 */
1126extern SECStatus
1127NSS_CMSDEREncode(NSSCMSMessage *cmsg, SECItem *input, SECItem *derOut, 
1128                 PLArenaPool *arena);
1129
1130
1131/************************************************************************/
1132SEC_END_PROTOS
1133
1134#endif /* _CMS_H_ */